LinuxQuestions.org
Old 10-10-2016, 04:35 PM   #1
jaco1
LQ Newbie
 
Registered: Oct 2016
Posts: 1

Rep: Reputation: 0
Question about port 22 and other concerns


Hi guys, I basically just want to know if port 22 is closed by default on Linux Mint? Furthermore does it remain closed when using a VPN through OpenVPN?

The reason for my concern is that the other night I was on a chat which I didn't realize until later used P2P feeds, and lots of people have been known to try and hack people on that chat. However, when I was on it I had the firewall enabled and was using a VPN, which was PureVPN.

Also, after performing a chkrootkit scan I saw a possible Windigo warning, which I think is related to ssh port 22.

The only other ports I knew of that are vulnerable are the samba ports.

Thanks for your time.
 
Old 10-11-2016, 03:04 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,635
Blog Entries: 4

Rep: Reputation: 3931
Well, strictly speaking, "a port" cannot be said to be "vulnerable." What matters is what is listening to it.

IMHO, most of your services should never be "listening to the world."

As a fairly-blanket statement, in all of the systems that I now have deployed ... anywhere ... that "directly face the public Internet," the only ports that are ever open are HTTP and HTTPS.

All other services that the computer might offer ... ssh, chat, and so on ... are secured behind certificate-based OpenVPN, as I have described in my blog-post How to Build A 'Dwarvish Door' With OpenVPN. A "port scan" of the server will never reveal to anyone that OpenVPN even exists, while authorized users can gain access to it within a few seconds. Once there, they can avail themselves of the server's other services without any further impediment.
 
1 members found this post helpful.
Old 11-30-2016, 09:56 PM   #3
computersavvy
Senior Member
 
Registered: Aug 2016
Posts: 3,340

Rep: Reputation: 1484
Unless you have sshd running and listening on port 22, it should not even be active. That said, I have had hits on my server reporting possible Windigo faults, but those were known similarities to Windigo and not an actual problem. Do your research.
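
Added example, not part of any post in this thread: posts #2 and #3 come down to what is listening and on which address, which can be read from `ss -H -tuln` on the machine itself. The function names and the sample output below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tuln` output (not taken from the thread):
# OpenVPN on UDP 1194, sshd bound to the VPN address, CUPS on loopback,
# Samba on the IPv6 wildcard, and a local DNS stub resolver.
sample_ss_output() {
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:1194       0.0.0.0:*
tcp   LISTEN 0      128         10.8.0.1:22         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      50              [::]:445           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Reads `ss -H -tuln` lines on stdin; prints "proto port address scope".
# Assumes the Netid column is present, as it is when -t and -u are combined.
classify_listeners() {
  awk '
    {
      la = $5                                    # Local Address:Port column
      match(la, /:[^:]*$/)                       # last colon splits address and port
      addr = substr(la, 1, RSTART - 1); port = substr(la, RSTART + 1)
      gsub(/\[/, "", addr); gsub(/\]/, "", addr) # [::] becomes ::
      sub(/%.*/, "", addr)                       # drop the %interface suffix
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else scope = "specific-address"
      print $1, port, addr, scope
    }'
}

# Sockets bound to every interface. Whether the internet can reach them
# still depends on the firewall and NAT in front of the host.
all_interface_listeners() {
  classify_listeners | awk '$4 == "all-interfaces" { print $1 "/" $2 }'
}

sample_ss_output | classify_listeners
# On a live system: ss -H -tuln | all_interface_listeners
```

A service that shows up as `all-interfaces` and has no reason to be there is the one to stop or rebind; `ss -tulnp` run as root also names the owning process.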
 
Old 11-30-2016, 10:07 PM   #4
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,307
Blog Entries: 28

Rep: Reputation: 6136
Random port scans are a fact of life on the internet. If there is a port, you can be sure that someone will try to scan it. As long as it cannot be penetrated, port scans should be viewed as just something to live with.
 
Old 12-02-2016, 11:50 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,635
Blog Entries: 4

Rep: Reputation: 3931
As I suggested earlier: "know which ports are open, or which might become opened, and why."

A more general way to say it: "know which services (daemons ...) are running on your system, and why!"

Then, as I mentioned in my previous post when talking about "Dwarvish Doors," consider whether this machine should really be exposing these things to "absolutely anyone in the world who might come to call." If these things are only supposed to be made available to "a handful of IPs," then very-seriously consider using technologies such as OpenVPN ... deployed as I described in that blog post ... to "shut the damned door!" to everyone on Planet Earth who does not have any good reason to be knocking on it.

As they say, "the most important person in any executive's [business ...] life is his or her Executive Assistant."
Quote:
"I need to speak to Mr. Trump!"
"Who's calling, please?"
 
Old 12-02-2016, 12:02 PM   #6
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Rep: Reputation: 78
Unless you have weird port forwarding or something else even more strange going on, port 22 is for ssh. I'm not sure about Linux Mint, but this would not be uncommon at all for any Linux server. The point of a server is to serve clients and ssh is the primary means of controlling a server in my experience. Desktop installations (like Ubuntu Desktop) are a bit different. I believe when I installed Ubuntu on my desktop that ssh was not enabled.

If ssh is open, it will be listening on port 22 and therefore vulnerable to a port scan. I'm not sure how being connected to a VPN might affect this, but would strongly suggest that you take pains to lock down ssh access to your machine as much as possible. If you don't need it, turn it off. If you need it running because you expect to connect to this machine, I would suggest disabling direct root login, disabling password logins (require key pair authentication instead), making sure you have fail2ban installed, and limiting connections on port 22 using iptables or something similar to networks that you connect from and no others. In practice this can be a bit tricky.
 
Old 12-02-2016, 07:25 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,635
Blog Entries: 4

Rep: Reputation: 3931
It's very easy, actually.

As I discuss or at least allude-to in "Dwarvish Door," you don't open any port-forwarding to the outside world, except for OpenVPN (which you conceal using tls-auth), and you (recommended) configure sshd with something like ListenAddress 10.8.0.1.

So, the only way to reach the server (or, as the case may be, the protected subnet), is to successfully pass through the OpenVPN gantlet ... using your one-of-a-kind non-revoked 4096-bit digital certificates, of course. Once there, but only once there, you can use ssh to go farther.

And, natcherly, the only thing that these sshd's will be listening for, or permitting, is ... "yet another digital certificate!" ("login:" is, of course(!), never an option ... right?)

Authorized users pass swiftly and surely to their destination, seemingly without impediment. (Unless you wish to present them with a challenge.) You can give them a friendly wave as they pass by, because you know who they surely must be.

If you used tls-auth (and the customary UDP, not TCP/IP), no one else can even find the door. Let alone pass through it.
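
Added example, not part of any post in this thread: a small audit of the global section of an sshd_config for the settings named in posts #6 and #7 (no direct root login, no password logins, sshd bound to the VPN address instead of every interface). The function names and both sample configurations are constructed; fail2ban and iptables rules are outside its scope.

```shell
#!/bin/sh
# Constructed sample: defaults left in place. The second PasswordAuthentication
# line has no effect, because sshd uses the first value it reads for a keyword.
weak_config() {
cat <<'EOF'
Port 22
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
EOF
}

# Constructed sample following posts #6 and #7.
hardened_config() {
cat <<'EOF'
# sshd answers only on the OpenVPN address
ListenAddress 10.8.0.1
PermitRootLogin no
PasswordAuthentication no
EOF
}

# Reads an sshd_config on stdin; prints one "ok|WARN keyword value" line per check.
# Assumes whitespace-separated "Keyword value" lines; Include files are not followed.
audit_sshd_config() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    { key = tolower($1); arg = tolower($2) }     # keywords are case-insensitive
    key == "match" { exit }                      # Match blocks override per user or address; not audited
    key == "listenaddress" { listen = (listen == "" ? "" : listen ",") arg; next }
    !(key in val) { val[key] = arg }             # first value wins
    END {
      root = ("permitrootlogin" in val) ? val["permitrootlogin"] : "prohibit-password"
      pass = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
      n = split(listen, a, ","); wild = (n == 0) # no ListenAddress means every address
      for (i = 1; i <= n; i++)
        if (a[i] ~ /^(0\.0\.0\.0|\[::\])(:[0-9]+)?$/ || a[i] == "::") wild = 1
      if (n == 0) listen = "all-addresses(default)"
      printf "%s PermitRootLogin %s\n", (root == "no" ? "ok" : "WARN"), root
      printf "%s PasswordAuthentication %s\n", (pass == "no" ? "ok" : "WARN"), pass
      printf "%s ListenAddress %s\n", (wild ? "WARN" : "ok"), listen
    }'
}

echo "== weak ==";     weak_config | audit_sshd_config
echo "== hardened =="; hardened_config | audit_sshd_config
```

On a live host, `sshd -T` prints the effective configuration, including Include files and compiled-in defaults, and is the authoritative source for these values.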
 
Old 12-03-2016, 06:58 PM   #8
BlackRider
Member
 
Registered: Aug 2011
Posts: 295

Rep: Reputation: 101
This thread is a bit derailed.

To the OP: use a web service scan in order to find if you have open ports, such as:
https://www.grc.com/shieldsup
 
  



All times are GMT -5. The time now is 05:38 PM.
